This topic describes the release notes for VPN Gateway and provides links to the relevant references.
May 2025
Feature | Category | Description | References |
New region supporting VPN Gateway available | New feature | The Mexico region supports VPN Gateway. |
December 2024
Feature | Category | Description | References |
O&M event | New feature | To provide stable VPN services, system maintenance operations (O&M events), such as instance restarts, are periodically performed on VPN Gateway resources. O&M events are proactively initiated and automatically executed on the VPN Gateway side. These events are typically triggered by factors such as system updates, hardware upgrades, and issue fixes. After an O&M event occurs in your VPN Gateway resources, you can log on to the VPN Gateway console to view the affected resources and the default scheduled execution time for the O&M event. The execution time of the O&M event is user configurable. If no changes are made, the O&M event will be automatically executed at the default execution time. During the execution of an O&M event, your network may be adversely affected. You can reduce the impact by modifying the configuration. |
November 2024
Feature | Category | Description | References |
Dual-tunnel IPsec-VPN connections | Optimized feature | In scenarios where a VPN gateway is associated with a transit router, the dual-tunnel mode is used to improve the availability of IPsec-VPN connections. Each IPsec-VPN connection consists of two tunnels that serve as Equal-Cost Multipath Routing (ECMP) paths. When a tunnel is down, traffic is forwarded through the other tunnel. In a region that contains multiple zones, the two tunnels of an IPsec-VPN connection are automatically spread in different zones to implement zone-disaster recovery. | Introduction to IPsec-VPN connections that are associated with transit routers in dual-tunnel mode |
May 2024
Feature | Type | Description | References |
Two-factor authentication for SSL-VPN | Optimization | Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) 1.0 instances can no longer be purchased. To improve user experience, VPN gateway allows you to use IDaaS EIAM 2.0 instances for two-factor authentication in SSL-VPN connections. You can create a VPN gateway or upgrade a VPN gateway to the latest version and associate an SSL server on the VPN gateway with an IDaaS EIAM 2.0 instance to use two-factor authentication. | [Change notice] SSL-VPN supports IDaaS EIAM 2.0 instances for two-factor authentication |
June 2023
Feature | Type | Description | References |
Dual-tunnel IPsec-VPN connections | Optimization | Dual-tunnel IPsec-VPN connections are supported. In this mode, each IPsec-VPN connection has one active tunnel and one standby tunnel in different zones. If the active tunnel is down, the standby tunnel takes over. This implements high availability. |
February 2023
Feature | Type | Description | References |
Troubleshooting | New feature | You can view the logs of IPsec-VPN connections and SSL-VPN connections, and error codes of IPsec-VPN connections in the VPN Gateway console. After you activate Network Intelligence Service (NIS) for VPN Gateway, you can troubleshoot VPN Gateway issues by using features such as VPN gateway diagnostics and reachability analyzer. You can troubleshoot VPN gateway issues on the Troubleshooting page in the Virtual Private Cloud (VPC) console. | |
Reachability analyzer | New feature | VPN Gateway works with NIS and supports the reachability analyzer feature. You can use this feature to check the connectivity between the resources that are connected over a VPN gateway. |
January 2023
Feature | Type | Description | References |
IPsec-VPN connection error codes | New feature | You can view the error codes of IPsec-VPN connections. You can troubleshoot an IPsec-VPN connection issue based on the error code and log data of the IPsec-VPN connection displayed in the VPN Gateway console. | |
VPN gateway diagnostics | New feature | VPN gateway works with NIS. You can use NIS to diagnose VPN gateways and obtain solutions. You can use this feature to troubleshoot IPsec negotiation issues, route configuration issues, and VPN gateway status issues. | |
SSL-VPN connection logs | Optimization | You can query the logs of an SSL server within the last 180 days. The maximum duration of each log that you can query is 10 minutes. |
December 2022
Feature | Type | Description | References |
Connection information about an SSL client | New feature | You can view the connection information about an SSL client in the console after you connect the client to Alibaba Cloud through an SSL-VPN connection. | |
Priority | Optimization | You can specify a priority for a policy-based route. Policy-based routes are matched against traffic in descending order of route priority. A smaller priority value indicates a higher priority. The VPN gateway forwards traffic based on the matched route. |
November 2022
Feature | Type | Description | References |
Maximum bandwidth supported by a VPN gateway | Optimization | The maximum bandwidth supported by a VPN gateway is increased up to 1,000 Mbit/s in multiple regions. |
August 2022
Feature | Type | Description | References |
A transit router (TR) can be associated with an IPsec-VPN connection. | New feature | After a TR is associated with an IPsec-VPN connection, a data center can connect to the VPC. In addition, the high availability of the IPsec-VPN connection can be implemented by using equal-cost multi-path routing (ECMP). |
April 2022
Feature | Type | Description | References |
Private VPN gateways | New feature | Private VPN gateways are available. You can use private VPN gateways to encrypt connections over Express Connect circuits. This improves network security. |
August 2021
Feature | Type | Description | References |
VPN gateway upgrades | New feature | Compared with the earlier versions of VPN Gateway, the latest version supports more features, such as Border Gateway Protocol (BGP) dynamic routing and dead peer detection (DPD). You can upgrade your VPN gateway to the latest version to use the new features. |
June 2020
Feature | Type | Description | References |
BGP dynamic routing | New feature | BGP dynamic routing is supported. VPN gateways can use BGP dynamic routing to automatically learn and advertise routes for communication. |
March 2020
Feature | Type | Description | References |
Two-factor authentication for SSL-VPN | New feature | Alibaba Cloud IDaaS is supported by SSL-VPN connections. IDaaS provides a variety of methods to authenticate SSL clients. |
April 2019
Feature | Type | Description | References |
Route-based IPsec-VPN | Optimization | Policy-based IPsec-VPN is replaced by route-based IPsec-VPN, which provides more flexible traffic routing methods. |